CVE-2008-4476

EPSS 0.02%

Published: 10/7/2008Modified: 4/28/2026

Description

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

Affected packages (1)

Debian/sympafrom 0, < 5.3.4-5.1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-4476